NAT question

[spivy66]

router eth0/0 192.168.1.1
eth0/1 192.168.2.1
default gateway 192.168.1.23


i have a user with ip 192.168.2.212 which i need to be nated
to 192.168.1.45, how can I do this? i read up on some things but i don't want to break anything as this is a production router.

i need ip 192.168.2.212 look like its 192.168.1.45

any help would be great , thanks all

 

[Quadratic]

This can be done with a single one-to-one NAT statement:

Router(config)#ip nat inside source static 192.168.2.212 192.168.1.45

That should translate 192.168.1.45 as the outside IP, with 192.168.2.212 being the inside.

CCNP, CCDP

 

[spivy66]

thanks, but do i need to issue ip nat inside command on the interface ?

I did what you stated but still not working. my problem is simple..

i have a network 192.168.3.0/24 which only the 192.168.1.0/24 nw can see. I just need the ip 192.168.2.212 to be able to see it and i thought by nated the ip to a 192.168.1 address would fix that.

 

[Quadratic]

Ok, I thought it was a preexhisting NAT configuration.

Yes, you will need to define the inside and outside with "ip nat inside" and "ip nat outside". Put the inside on the interface in the 192.168.2.0 network and the outside on the interface in the 192.168.1.0 network. If this is a single router routing between each subnet, that should work.

CCNP, CCDP

 

[spivy66]

hello,

I tried that but now i cant ping either address. here is my config..


interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat outside
ip policy route-map Traveler
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
speed 100
full-duplex
!
ip nat inside source static 192.168.2.212 172.17.1.45

 

[imbadatthis]

hi,
your NAT statement is wrong.

you have FA0/0 in 192.168.1.0/24 where you have your nat statement done to 172.17.1.45



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[Quadratic]

Where did you get 172.17.1.45 in that NAT statement? You said you were trying to translate to 192.168.1.45. Is that just a typo?

CCNP, CCDP

 

[spivy66]

sorry guys i meant to write 192.168.1.45 , that was a type o .. here is the config again I copied and pasted it this time.


Just to let you know I'm on a 2600

interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat outside
ip policy route-map Traveler
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
speed 100
full-duplex
!
ip nat inside source static 192.168.2.212 192.168.1.45

 

[Quadratic]

That looks like the right solution. Does it work as desired? Can a device inside the 192.168.1.0/24 network ping 192.168.1.45?

CCNP, CCDP

 

[imbadatthis]

post a sh run if not working still please

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[spivy66]

17.2mask#sh run
Building configuration...

Current configuration : 5407 bytes
!
! Last configuration change at 10:56:20 EST Tue Jul 20 2010 by danny
! NVRAM config last updated at 23:30:02 EST Fri Jul 16 2010 by danny
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 17.2mask
!
logging buffered 4096 debugging
logging console errors
no logging on
aaa new-model
aaa authentication login default local
aaa configuration config-username admin
enable secret 5 $1$dLI7$36GQ9ejCFOVn0aSMjj5ll.
!
username admin privilege 15 password 7 1511025C1C23733C27
username danny privilege 15 password 7 050914002A49401D161C04
username dann privilege 15
clock timezone EST 23
ip subnet-zero
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat outside
ip policy route-map Traveler
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
speed 100
full-duplex
!
ip nat inside source static 192.168.2.119 192.168.1.230
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.200
ip route 192.168.1.8 255.255.255.255 192.168.1.54
!
ip access-list standard Replication
remark deny Replication mask for the DR
deny 172.28.2.0 0.0.0.255 log
access-list 10 permit 192.168.1.8
access-list 30 permit 192.168.2.0 0.0.0.255
access-list 30 permit 192.168.1.0 0.0.0.255
route-map Traveler permit 10
match ip address 10
set ip next-hop 192.168.1.54
!
route-map Traveler permit 20
!
!
banner motd ^C Welcome to the OMSC router


This router is only to be used by the MIS group.

Any other user will be prosecuted under the fullest extent of the law ^C
!
line con 0
password 7 0017075F015C591304
line aux 0
line vty 0 4
privilege level 15
password 7 094F4759010C4F0A04
transport input telnet
!
no scheduler allocate
ntp clock-period 17208552
ntp server 129.6.15.28
end
!

 

[spivy66]

Guys, thanks for all your input, I came in this morning and it's working, weird...